SiliconAngle reports that nearly identical ransomware payloads that only differed in contact information and victim-specific details have been utilized by the HellCat and Morpheus ransomware-as-a-service operations, which have targeted high-profile organizations since their emergence in mid and late 2024, respectively.Aside from leveraging Windows Cryptographic Application Programming Interface for encrypting data aside from critical system files, both HellCat and Morpheus had ransom notes ordering victims to access their respective .onion portals using the provided credentials, according to a SentinelOne analysis. Despite similarities with the Underground Team ransomware gang that may suggest a shared builder application or codebase, HellCat and Morpheus were observed by SentinelOne researchers to have structurally and functionally different payloads indicating independent development. Such findings highlight the importance of implementing more robust threat detection and defense strategies informed by the shared resources employed by various ransomware groups, said researchers.
Ransomware, Threat Intelligence
HellCat, Morpheus RaaS operations leverage similar payloads

(Adobe Stock)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



